[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in v
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c |
|
Date: |
Mon, 07 May 2012 13:01:01 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120425 Thunderbird/12.0 |
Il 04/05/2012 23:59, Andreas Färber ha scritto:
>> > +static struct qemu_seccomp_syscall seccomp_whitelist[] = {
>> > + {SCMP_SYS(timer_settime), 255},
> Spaces inside braces please.
>
>> > + {SCMP_SYS(timer_gettime), 254},
>> > + {SCMP_SYS(futex), 253},
>> > + {SCMP_SYS(select), 252},
>> > + {SCMP_SYS(recvfrom), 251},
>> > + {SCMP_SYS(sendto), 250},
>> > + {SCMP_SYS(read), 249},
>> > + {SCMP_SYS(brk), 248},
>> > + {SCMP_SYS(clone), 247},
>> > + {SCMP_SYS(mmap), 247},
>> > + {SCMP_SYS(mprotect), 246},
>> > + {SCMP_SYS(rt_sigprocmask), 245},
>> > + {SCMP_SYS(write), 244},
>> > + {SCMP_SYS(fcntl), 243},
>> > + {SCMP_SYS(tgkill), 242},
>> > + {SCMP_SYS(rt_sigaction), 242},
>> > + {SCMP_SYS(pipe2), 242},
>> > + {SCMP_SYS(munmap), 242},
>> > + {SCMP_SYS(mremap), 242},
>> > + {SCMP_SYS(getsockname), 242},
>> > + {SCMP_SYS(getpeername), 242},
>> > + {SCMP_SYS(fdatasync), 242},
>> > + {SCMP_SYS(close), 242}
>> > +};
>> > +
At least the following are also used: recvmsg, sendmsg, accept, connect,
bind, listen, ioctl, fallocate, eventfd. I don't know if all of them
have to be included in the list. Other syscalls are not used but
probably should be allowed for simplicity, for example poll.
For ioctl, we may want to refine the white-list depending on the
argument, and perhaps even filter by file descriptor (the KVM ioctls are
in relatively fast paths, so it would be nice if they were passed with
fewer BPF ops).
BTW, please keep this out of vl.c, so that all hairiness can be added as
appropriate.
Paolo
Re: [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp, Daniel P. Berrange, 2012/05/08